CVE-2024-9522

Summary

CVE-2024-9522 identifies a vulnerability in the WP Users Masquerade plugin for WordPress, specifically in versions up to 2.0.0, where an authentication bypass allows authenticated attackers with subscriber-level permissions to log in as any existing user, including administrators. This issue arises from improper authentication and capability checks in the 'ajax_masq_login' function. The potential risk includes high confidentiality and integrity impacts, as attackers could gain unauthorized access to sensitive user accounts and data. To remediate this vulnerability, users must update the plugin to a secure version as recommended by security advisories. Organizations are advised to monitor their WordPress installations for this vulnerability due to its high severity rating of 8.8 on the CVSS scale and the low privileges required for exploitation.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.